Skip to content
security

ci(deps): bump the actions group with 4 updates #63

Sign in to view logs

ci(deps): bump the actions group with 4 updates

ci(deps): bump the actions group with 4 updates #63

Workflow file for this run

.github/workflows/security.yml at 08a87bd
name: "security"
on:
pull_request:
push:
branches: [main]
schedule:
- cron: "0 2 * * *"
permissions:
contents: read
concurrency:
group: security-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
codeql:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
language: ["go", "actions"]
permissions:
actions: read
contents: read
pull-requests: read
security-events: write
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- uses: github/codeql-action/init@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
with:
languages: ${{ matrix.language }}
- uses: github/codeql-action/autobuild@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
- uses: github/codeql-action/analyze@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
grype:
runs-on: ubuntu-latest
permissions:
security-events: write
actions: read
contents: read
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- uses: anchore/scan-action@3c9a191a0fbab285ca6b8530b5de5a642cba332f # v7.2.2
id: scan
with:
path: "."
fail-build: true
severity-cutoff: critical
- uses: github/codeql-action/upload-sarif@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
govulncheck:
runs-on: ubuntu-latest
permissions:
security-events: write
contents: read
steps:
- uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4
with:
output-format: sarif
output-file: results.sarif
- uses: github/codeql-action/upload-sarif@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
with:
sarif_file: results.sarif
dependency-review:
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
permissions:
contents: read
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
with:
fail-on-severity: critical
allow-licenses: BSD-2-Clause, BSD-3-Clause, MIT, Apache-2.0, MPL-2.0, ISC